Search code examples
loggingfilteringpostfix-mta

filtering postfix log which mail was sent or bounced

I have a problem with filtering log of postfix in /var/log/maillog.

I do a command cat maillog | grep bounced | grep said and filtering which mails didn't sent and reason of its like this:

Nov 10 10:48:40 host-10-190-10-26 postfix/smtp[7075]: 7AF986C13: to=, relay=gmail-smtp-in.l.google.com

[74.125.28.26]:25, delay=2.1, delays=0.04/0/1.9/0.2, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.28.26] said:

550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address

for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596

wv1si15262329pab.224 - gsmtp (in reply to RCPT TO command)) Nov 13 10:47:28 host-10-190-10-26 postfix/smtp[28250]: B0D491E80: to=, relay=gmail-smtp-in.l.google.com

[74.125.20.27]:25, delay=3, delays=0.02/0.02/2.8/0.23, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.20.27] said:

550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address

for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596

ce9si24575145pdb.68 - gsmtp (in reply to RCPT TO command)) Nov 13 10:49:41 host-10-190-10-26 postfix/smtp[28278]: 525811E80: to=, relay=www.haha.com[140.174.93.116]:25, delay=7.2,

delays=0.05/0.01/6.6/0.53, dsn=5.3.0, status=bounced (host www.haha.com[140.174.93.116] said: 553 5.3.0 ... User unknown

(in reply to RCPT TO command))

and now I need to export the following fields: to and said: into a file with 2 columm

Someone help me or give a some idea.

Solution

  • something like this?

    grep status=bounced /var/log/mail.log | sed -e 's/.*to=<//g' -e 's/>,.*said://g'

    Update: not quite sure what you mean by "something that has columns", but i modified it so it is separated by semicolons. That should make it easy to import into any office-app (like MS Excel)

    grep status=bounced /var/log/mail.log | sed -e 's/.*to=<//g' -e 's/\(.*\)>,.*said:\ /\1;/g' > bounced_mail.csv

    Please mark the answer as useful if you like it.

    2nd Update: off the top of my head, a fast and dirty solution (not tested in ANY way!!)

    1. paste the code above into an executable shellscript

    2. delete the line /var/log/maillog from /etc/logrotate.d/syslog

    3. create a new file /etc/logrotate.d/postfix

    with the following content:

    /var/log/maillog {
prerotate
    /path/to/shellscript.sh > /path/to/outputfile-$(date +%Y%m%d).txt 2> /dev/null
postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript 
}

    Please beware, that you should test that thoroughly!